CVE-2016-4482

The proc_connectinfo function in drivers/usb/core/devio.c in the Linuxkernel through 4.6 does not initialize a certain data structure, whichallows local users to obtain sensitive information from kernel stack memoryvia a crafted USBDEVFS_CONNECTINFO ioctl call.

Ubuntu-Description

Kangjie Lu discovered an information leak in the core USB implementation inthe Linux kernel. A local attacker could use this to obtain potentiallysensitive information from kernel memory.

android kernels (flo, goldfish, grouper, maguro, mako and manta) are
not supported on the Ubuntu Touch 14.10 and earlier preview kernels
linux-lts-saucy no longer receives official support
linux-lts-quantal no longer receives official support